So it is reported ad nauseam every few years that this ability to track cell phones that are powered off and even with battery removed is not only possible, but it has been actively used for the last 20 years.
I find this all very hard to understand. Citing a person who wants to sell you a metal bag to keep your phone in when you get up to no good certainly isn't helping.
If power is required, presumably the phone baseband has to wake up and do something. A researcher could easily detect this by monitoring the power consumption or the local RF environment. Also baseband engineers and phone electronics manufacturers all have to have basically their entire design and engineering staff looped in to provide for this functionality. Where is this data?
If power is not required, nobody has yet presented any satisfactory explanation of how such passive tracking could even be possible over a wide area without being in very very close proximity to the device or having an unbelievably dense active sensor network. (NFC, silicon junction detection/fingerprinting, etc.) If this type of passive tracking is possible, then it certainly would not require that the device being tracked is even a phone.
I agree with your logic. It's just that the "researchers" thing just doesn't smell right for me. You hear constantly about researchers finding malware/spyware related to Chinese hackers, to Russian hackers, to North Korean hackers. No researcher has ever found anything related to American hackers, European hackers or Israeli hackers. Either western state hackers are so good that researchers never find out what they do, or researchers get a visit from two guys in a black suit when they find something relevant and decide not to publish anything.
Are you just going to ignore the massive amount of research done by Citizen Lab in exposing the use of Israeli spyware to surveil journalists and activists?
Squint enough and you'll see a cellphone consists of two primary chipsets: a main SOC/stack that runs the operating system, and a modem/software stack that pushes cell packets. Power the phone down and you (may) fully shut down the OS/processor; you likely aren't powering down the modem.
I don’t have an ee/hardware background but given two things I can naïvely assume this is possible.
1) Nowadays, we can send text messages directly through satellites in space. So the satellites are obviously sensitive enough to pick up whatever is being emitted from the phones.
2) I forget what they’re called, but for more than a few decades now, the way the bug detectors work is by relying on some physical properties of transistors when exposed to some EMF maybe, even when off.
So yeah, with like advanced modern sensors and AI-powered signal processing maybe it is possible.
Someone with an EE background can sign in and tell me why maybe 2 is not possible from space.
So the man that sells Faraday pouches to put your phone in says the NSA can track your phone if you don't use his product, with no further technical information?
If I were putting a back door in cell modem silicon to track the device when it's totally powered off, I'd do something like a passive RF bug. Surely you could get something like an RFID circuit to hang off one of the many antennas in a phone. Then you just give it a path to a unique id, maybe derived from the MAC or something.
Julia Stiles "Nicky Parsons" in the Bourne trilogy removes her battery when being chased by an assassin from the coffee shop, Jason finds it smashed on the pathway and you would think that in a spy film the bad guys would still be able to track her.
It is inappropriate to assert that a capability from 2003, used against what were almost certainly Nokia x100-series GSM phones, will still work against devices in 2025.
By September 2004, a new NSA technique enabled the agency to find cellphones even when they were turned off. JSOC troops called this "The Find," and it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq, according to members of the unit.
Sounds more like a radar metal detector sort of thing than phone hacking.
It was not common for the low-end phones of the type used by Iraqi insurgents in 2003 to be equipped with Bluetooth.
Remember the "NSA can track phones when turned off" was from 2003.
Try to remember 2003, then adjust your memories to match the reality for an impoverished Iraqi.
My guess is that because they controlled the cellular network they pushed out an OTA firmware that made it so the phones didn't actually turn off but went into one of the ARM7TDMI's low power modes where it would wake up periodically and ping a tower before going back to sleep without turning on the screen. Those modes used so little power you wouldn't notice a difference in overall battery life.
This would be trivially detectable by any party with a $10 SDR dongle in 2025.
Or it could be a radar that resonates with common GSM filter circuitries or Nokia BL-4C or something like that. Quoted problem definition is "find cellphones even when they were turned off", not "locate" or "track" "a phone" or "user turns off".
It's also supposedly something US JSOC is involved with, which is more like IRL Call of Duty group of people than black suited 007 or drone trailer people, so my intuition is that the system is more likely to look like a heartbeat sensor attachment than a cloud based offering.
Brute forcing AES256 would require computing power that, as far as we know, the NSA doesn't have. That's a very different situation than the NSA being able to force the hand of the extremely small number of US companies who are legally able to produce the baseband chipsets found in every single cell phone. All the NSA has to do is hand a single national security letter to Qualcomm and they'd be able to backdoor half of the entire market. That's just the hardware. To backdoor the software they only need to knock on the doors of two corporations.